On Tuesday, Google said that it will begin notifying an unnamed subset of users, which could equate to anywhere from thousands to millions of people daily, if it is believed they are the target of a state-sponsored attack.
Google already has the systems in place to monitor for malicious activity, especially attempts by unknown third parties to monitor users via unauthorized access. Now, Google said, when there is specific intelligence (from either users or their own monitoring mechanisms) that someone is at risk a warning will be displayed.
“If you see this warning it does not necessarily mean that your account has been hijacked. It just means that we believe you may be a target, of phishing or malware for example, and that you should take immediate steps to secure your account,” Eric Grosse, vice president of security engineering at Google noted in a blog post.
“You might ask how we know this activity is state-sponsored. We can’t go into the details without giving away information that would be helpful to these bad actors, but our detailed analysis—as well as victim reports—strongly suggest the involvement of states or groups that are state-sponsored,” he added.
The post goes on to explain that Google feels that it is their duty to be proactive, and warn users about potential attacks and active attacks. As the process develops, the warnings will continue to be updated based on the latest information.
A few questions remain unanswered.
Will the warnings be displayed if the unauthorized third-party is an EU or U.S. government agency? Google won’t say.
“We're going to decline to comment on the make-up of the countries that are involved,” a Google spokesperson said in a statement to that very question, when asked by Information Week.
The reasoning, the statement added, is because the goal is to warn users and encourage strong account security practices, “these warnings are not a response to any particular attack or campaign.”